Difference between revisions of "Client Authentication:Mepis"

From SME Server
Jump to navigationJump to search
m (categorisation)
 
(51 intermediate revisions by 3 users not shown)
Line 5: Line 5:
 
MEPIS LLC was founded in 2002 by computer industry veteran Warren Woodford, to realize his personal vision for a version of Linux that was complete and secure, while also being easy to try, easy to install, and easy to use. Today MEPIS offers personal computing solutions that are popular with people from 2 to 92 years and of all professions. MEPIS products are also available free of charge to not-for-profits, K-12 schools, and private users not requiring support.
 
MEPIS LLC was founded in 2002 by computer industry veteran Warren Woodford, to realize his personal vision for a version of Linux that was complete and secure, while also being easy to try, easy to install, and easy to use. Today MEPIS offers personal computing solutions that are popular with people from 2 to 92 years and of all professions. MEPIS products are also available free of charge to not-for-profits, K-12 schools, and private users not requiring support.
  
==Client configuration for Mepis Client==
+
==Client configuration==
SME Server's has been and remains focused on serving windows clients, however Linux clients also work well with SME.
+
{{Level|advanced}}
  
 +
SME Server's has been and remains focused on serving windows clients, however Linux clients also work well with SME Server.
 +
 +
These instructions are  current for Mepis 7.0 and SME Server 7.3
 +
 +
Client configuration was originally based on http://tech.canterburyschool.org/tech/UbuntuWorkstations.
  
 
===Domain Login===
 
===Domain Login===
 
A Domain login lets users login without admin setting up each user first.
 
A Domain login lets users login without admin setting up each user first.
  
You can use these command line instructions or use your GUI tools.<br>
+
====Client configuration====
Comment out the existing setting and paste the new
+
apt-get install winbind libpam-mount
  
  apt-get install winbind libpam-mount
+
  nano -w /etc/samba/smb.conf
 
   
 
   
nano -w /etc/samba/smb.conf
+
  workgroup = 'Your Windows workgroup' # probably correct, you set this during install
.
+
  security = domain                    # edit, set to user
  workgroup = MYDOMAIN #your workgroup is probably correct, you set this during install
+
wins server 192.168.1.1              # edit, to your server IP
  idmap uid = 10000-20000
+
;password server = *                  # remove line
  idmap gid = 10000-20000
+
winbind uid = 10000-20000
 +
  winbind gid = 10000-20000
 
  template shell = /bin/bash
 
  template shell = /bin/bash
 
  template homedir = /home/%U
 
  template homedir = /home/%U
Line 27: Line 33:
 
  winbind enum groups = yes
 
  winbind enum groups = yes
 
  winbind cache time = 10
 
  winbind cache time = 10
  winbind separator = +
+
  winbind separator = /
security = domain
 
password server = *
 
 
  winbind use default domain = yes
 
  winbind use default domain = yes
 +
acl compatibility = winnt
  
 
  nano -w /etc/nsswitch.conf
 
  nano -w /etc/nsswitch.conf
  .
+
   
 
  passwd: compat winbind  
 
  passwd: compat winbind  
 
  group: compat winbind
 
  group: compat winbind
 
  shadow: compat winbind
 
  shadow: compat winbind
 +
hosts:  files wins dns
  
 
  nano -w /etc/pam.d/common-account
 
  nano -w /etc/pam.d/common-account
  .
+
   
 
  account sufficient      pam_winbind.so
 
  account sufficient      pam_winbind.so
 
  account required        pam_unix.so
 
  account required        pam_unix.so
  
 
  nano -w /etc/pam.d/common-auth
 
  nano -w /etc/pam.d/common-auth
  .
+
   
 
  auth    required        pam_mount.so
 
  auth    required        pam_mount.so
  #
+
   
## use the follolwing "auth" line by itself to restrict local access (a bit paranoid) -
 
 
  ## will validate ONLY off of network
 
  ## will validate ONLY off of network
 
  #auth  required        pam_winbind.so use_first_pass
 
  #auth  required        pam_winbind.so use_first_pass
  #
+
   
## use the TWO "auth" lines below for either network or local validation -
 
 
  ## will validate off of EITHER network or local passwd db
 
  ## will validate off of EITHER network or local passwd db
 
  auth    sufficient      pam_winbind.so use_first_pass
 
  auth    sufficient      pam_winbind.so use_first_pass
Line 57: Line 61:
  
 
  nano -w /etc/pam.d/common-session
 
  nano -w /etc/pam.d/common-session
  .
+
   
 
  session required        pam_unix.so
 
  session required        pam_unix.so
 
  session required        pam_mkhomedir.so umask=0022 skel=/etc/skel/
 
  session required        pam_mkhomedir.so umask=0022 skel=/etc/skel/
 
  session optional        pam_mount.so
 
  session optional        pam_mount.so
  
  /etc/init.d/winbind start
+
  optional, do later if needed, add to
 +
nano -w /etc/hosts
 +
192.168.1.1        YourServername
  
This is where SME doesn't support linux clients as well as windows, so... logon to your SME Server
+
/etc/init.d/samba restart
 +
/etc/init.d/winbind restart
 +
 
 +
If you misconfigure a file and lock yourself out of the workstation <br>
 +
hit spacebar at the grub prompt  <br>
 +
change to root=(leave as is) single <br>
 +
login as root and check your config files
 +
 
 +
====Connect to domain====
 +
on SME 7.3 and above
 +
 
 +
On the client [''Workgroup'' is your SME Server Workgroup]
 +
and admin may be any user in the 'domain-admin' group
 +
net rpc join -D '''WorkGroup''' -U admin
 +
 
 +
Log out, and now you should have all your SME Users in your login 'user list'
 +
 
 +
====Mounting Shares====
 +
pam_mount works well if you use domain logins, other methods are too much trouble.
 +
 
 +
mount your server home directory and ibays
 +
 
 +
nano -w /etc/security/pam_mount.conf
 
   
 
   
To check your client values > K menu > Setting Configuration > Internet and Networking > Samba <br>
+
volume * smbfs servername  &    /home/&/Desktop/&      uid=&,gid=10000,dmask=0700 - -
'''ClientName''' is the NetBIOS Name, NOTE: you must add the trailing $ <br>
+
volume * smbfs servername  ibay1 /home/&/Desktop/ibay1  uid=&,gid=10000,dmask=0700 - -
'''Workgroup''' is Workgroup, your local '''windows''' domain  <br>
+
 
 +
===Printing===
 +
Printing to your SME Server depends on your printers being supported by cups
 +
 
 +
'''cupsd'''
 +
 
 +
When you install mepis, when asked you should elect to run cupsd
 +
 
 +
check and if necessary change with
 +
ls -la /etc/rc5.d/???cupsys
 +
  cd /etc/rc5.d
 +
mv K??cupsys S20cupsys
 +
 
 +
'''Configure printer'''
  
signal-event machine-account-create  ClientName$
+
K menu > Settings > Peripherals > Printers
smbpasswd -a -m ClientName$
 
  
Now back to mepis and join the workgroup/domain
+
Administrator Mode
  net rpc join -D WorkGroup -U admin
 
  
Ideas borrowed from http://tech.canterburyschool.org/tech/UbuntuWorkstations , Thanks !
+
Add Printer > SMB Printer > Normal Account, and enter your SME username and password
  
===Mounting Shares===
+
Enter your workgroup, servername, and printer name as setup in the /server-manager workgroup and printer panels
  
====pam_mount.conf====
+
Select your Printer from the cups database, check settings and print a test page
edit /etc/security/pam_mount.conf <br>
 
as per step 5. in the canturbury ubuntu howto <br>
 
the permissions need work, please update here with better values
 
  
====smb4k====
+
Enter the rest of wizard details to suit.
Mount any Samba share in you local network with smb4k
 
  
K menu > Internet > Connection > Smb4k File Browser
+
You can monitor your cups printers at YourClientIP:631
  
Create a password for your Kwallet
+
===Ident===
 +
If using Ident Authentication for browsing
 +
apt-get install ident2
  
Settings > Configure, and configure to suit
 
  
Click on your Server and the share you wish to mount
+
===PPTP Connection===
 +
When you install mepis, when asked you should elect to run ppp
  
To have smb4k run on startup
+
To Connect to a remote SME Server
 +
apt-get install pptp-linux kvpnc
  
Right click, send to desktop, K menu > Internet > Connection > Smb4k File Browser
+
K menu > Internet > Connection > VPN Client
  
Open your documents folder, menu > view > show hidden files
+
===Applications===
 +
*Install VMware, http://www.mepis.org/docs/en/index.php/VMWare#MEPIS_7.0
  
Drag the shortcut to the folder /home/stephen/.kde/Autostart, create if neccesary
+
*Install a subversion client, synaptic -> kdesvn
  
===Printing===
+
*Enable mp3 & multimedia
 +
:Synaptic > settings > repositories. Activate the repository for Debian-Multimedia
 +
:Then install Libdvdcss2 and w32codecs
 +
 
 +
===Settings===
 +
*Thunderbird, to enable links in email
 +
:Advance,General,Config Editor, Right Click, New > String
 +
: preference=network.protocol-handler.app.http, string=firefox
 +
: preference=network.protocol-handler.app.https, string=firefox
 +
 
 +
*Enable Numlocks
 +
:http://www.mepis.org/node/6937
 +
 
 +
----
 +
[[Category:Howto]]
 +
[[Category:Administration]]

Latest revision as of 20:34, 11 May 2010

About Mepis

http://www.mepis.com

MEPIS LLC was founded in 2002 by computer industry veteran Warren Woodford, to realize his personal vision for a version of Linux that was complete and secure, while also being easy to try, easy to install, and easy to use. Today MEPIS offers personal computing solutions that are popular with people from 2 to 92 years and of all professions. MEPIS products are also available free of charge to not-for-profits, K-12 schools, and private users not requiring support.

Client configuration

PythonIcon.png Skill level: advanced
The instructions on this page may require deviations from standard procedures. A good understanding of linux and Koozali SME Server is recommended.


SME Server's has been and remains focused on serving windows clients, however Linux clients also work well with SME Server.

These instructions are current for Mepis 7.0 and SME Server 7.3

Client configuration was originally based on http://tech.canterburyschool.org/tech/UbuntuWorkstations.

Domain Login

A Domain login lets users login without admin setting up each user first.

Client configuration

apt-get install winbind libpam-mount
nano -w /etc/samba/smb.conf

workgroup = 'Your Windows workgroup'  # probably correct, you set this during install
security = domain                     # edit, set to user
wins server 192.168.1.1               # edit, to your server IP
;password server = *                  # remove line
winbind uid = 10000-20000
winbind gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%U
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
winbind separator = /
winbind use default domain = yes
acl compatibility = winnt
nano -w /etc/nsswitch.conf

passwd: compat winbind 
group: compat winbind
shadow: compat winbind
hosts:  files wins dns
nano -w /etc/pam.d/common-account

account sufficient      pam_winbind.so
account required        pam_unix.so
nano -w /etc/pam.d/common-auth

auth    required        pam_mount.so

## will validate ONLY off of network
#auth   required        pam_winbind.so use_first_pass

## will validate off of EITHER network or local passwd db
auth    sufficient      pam_winbind.so use_first_pass
auth    required        pam_unix.so use_first_pass
nano -w /etc/pam.d/common-session

session required        pam_unix.so
session required        pam_mkhomedir.so umask=0022 skel=/etc/skel/
session optional        pam_mount.so
optional, do later if needed, add to
nano -w /etc/hosts
192.168.1.1         YourServername
/etc/init.d/samba restart
/etc/init.d/winbind restart

If you misconfigure a file and lock yourself out of the workstation
hit spacebar at the grub prompt
change to root=(leave as is) single
login as root and check your config files

Connect to domain

on SME 7.3 and above

On the client [Workgroup is your SME Server Workgroup] and admin may be any user in the 'domain-admin' group

net rpc join -D WorkGroup -U admin

Log out, and now you should have all your SME Users in your login 'user list'

Mounting Shares

pam_mount works well if you use domain logins, other methods are too much trouble.

mount your server home directory and ibays

nano -w /etc/security/pam_mount.conf

volume * smbfs servername  &     /home/&/Desktop/&      uid=&,gid=10000,dmask=0700 - -
volume * smbfs servername  ibay1 /home/&/Desktop/ibay1  uid=&,gid=10000,dmask=0700 - -

Printing

Printing to your SME Server depends on your printers being supported by cups

cupsd

When you install mepis, when asked you should elect to run cupsd

check and if necessary change with

ls -la /etc/rc5.d/???cupsys
cd /etc/rc5.d
mv K??cupsys S20cupsys

Configure printer

K menu > Settings > Peripherals > Printers

Administrator Mode

Add Printer > SMB Printer > Normal Account, and enter your SME username and password

Enter your workgroup, servername, and printer name as setup in the /server-manager workgroup and printer panels

Select your Printer from the cups database, check settings and print a test page

Enter the rest of wizard details to suit.

You can monitor your cups printers at YourClientIP:631

Ident

If using Ident Authentication for browsing

apt-get install ident2


PPTP Connection

When you install mepis, when asked you should elect to run ppp

To Connect to a remote SME Server

apt-get install pptp-linux kvpnc

K menu > Internet > Connection > VPN Client

Applications

  • Install a subversion client, synaptic -> kdesvn
  • Enable mp3 & multimedia
Synaptic > settings > repositories. Activate the repository for Debian-Multimedia
Then install Libdvdcss2 and w32codecs

Settings

  • Thunderbird, to enable links in email
Advance,General,Config Editor, Right Click, New > String
preference=network.protocol-handler.app.http, string=firefox
preference=network.protocol-handler.app.https, string=firefox
  • Enable Numlocks
http://www.mepis.org/node/6937